-rw-r--r-- | net-firewall/ipsec-tools/ChangeLog | 7 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/files/ipsec.conf | 26 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/files/racoon.conf.d | 18 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/files/racoon.init.d | 58 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/files/racoon.init.d-r1 | 56 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild | 236 | ||||
-rw-r--r-- | net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild | 237 |
7 files changed, 6 insertions, 632 deletions
diff --git a/net-firewall/ipsec-tools/ChangeLog b/net-firewall/ipsec-tools/ChangeLog
index 072ae21315ec..be34914f4d37 100644
--- a/net-firewall/ipsec-tools/ChangeLog
+++ b/net-firewall/ipsec-tools/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for net-firewall/ipsec-tools
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.112 2013/03/23 19:15:21 floppym Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ChangeLog,v 1.113 2013/06/15 19:30:19 blueness Exp $
+
+ 15 Jun 2013; Anthony G. Basile <blueness@gentoo.org> -files/ipsec.conf,
+ -files/racoon.conf.d, -files/racoon.init.d, -files/racoon.init.d-r1,
+ -ipsec-tools-0.8.0-r3.ebuild, -ipsec-tools-0.8.0-r4.ebuild:
+ Remove older versions
 
 23 Mar 2013; Mike Gilbert <floppym@gentoo.org> ipsec-tools-0.8.0-r5.ebuild,
 ipsec-tools-0.8.1.ebuild:
diff --git a/net-firewall/ipsec-tools/files/ipsec.conf b/net-firewall/ipsec-tools/files/ipsec.conf
deleted file mode 100644
index bfff04af069a..000000000000
--- a/net-firewall/ipsec-tools/files/ipsec.conf
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/usr/sbin/setkey -f
-#
-# THIS IS A SAMPLE FILE!
-#
-# This is a sample file to test Gentoo's ipsec-tools out of the box.
-# Do not use it in production. See: http://www.ipsec-howto.org/
-#
-flush;
-spdflush;
-
-#
-# Uncomment the following if you want to do manual keying, ie, you want to run IPsec without racoon.
-# Do not switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#add 192.168.3.25 192.168.3.21 ah 0x200 -A hmac-md5 0xc0291ff014dccdd03874d9e8e4cdf3e6;
-#add 192.168.3.21 192.168.3.25 ah 0x300 -A hmac-md5 0x96358c90783bbfa3d7b196ceabe0536b;
-#add 192.168.3.25 192.168.3.21 esp 0x201 -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
-#add 192.168.3.21 192.168.3.25 esp 0x301 -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
-
-#
-# Make sure to switch 192.168.3.21 <-> 192.168.3.25 on the peer
-#
-#spdadd 192.168.3.21 192.168.3.25 any -P out ipsec esp/transport//require ah/transport//require;
-#spdadd 192.168.3.25 192.168.3.21 any -P in ipsec esp/transport//require ah/transport//require;
-spdadd 192.168.3.25 192.168.3.21 any -P out ipsec esp/transport//require ah/transport//require;
-spdadd 192.168.3.21 192.168.3.25 any -P in ipsec esp/transport//require ah/transport//require;
diff --git a/net-firewall/ipsec-tools/files/racoon.conf.d b/net-firewall/ipsec-tools/files/racoon.conf.d
deleted file mode 100644
index b201e4089f3f..000000000000
--- a/net-firewall/ipsec-tools/files/racoon.conf.d
+++ /dev/null
@@ -1,18 +0,0 @@
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.4 2012/03/09 02:55:47 blueness Exp $
-
-# Config file for /etc/init.d/racoon
-
-# See the man page or run `racoon --help` for valid command-line options
-# RACOON_OPTS="-d"
-
-RACOON_CONF="/etc/racoon/racoon.conf"
-RACOON_PSK_FILE="/etc/racoon/psk.txt"
-SETKEY_CONF="/etc/ipsec.conf"
-
-# Comment or remove the following if you don't want the policy tables
-# to be flushed when racoon is stopped.
-
-RACOON_RESET_TABLES="true"
-
diff --git a/net-firewall/ipsec-tools/files/racoon.init.d b/net-firewall/ipsec-tools/files/racoon.init.d
deleted file mode 100644
index 16fdec7e3a37..000000000000
--- a/net-firewall/ipsec-tools/files/racoon.init.d
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2004 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- before netmount
- use net
-}
-
-checkconfig() {
- if [ ! -e ${SETKEY_CONF} ] ; then
- eerror "You need to configure setkey before starting racoon."
- return 1
- fi
- if [ ! -e ${RACOON_CONF} ] ; then
- eerror "You need a configuration file to start racoon."
- return 1
- fi
- if [ ! -z ${RACOON_PSK_FILE} ] ; then
- if [ ! -f ${RACOON_PSK_FILE} ] ; then
- eerror "PSK file not found as specified."
- eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
- return 1
- fi
- case "`ls -Lldn ${RACOON_PSK_FILE}`" in
- -r--------*)
- ;;
- *)
- eerror "Your defined PSK file should be mode 400 for security!"
- return 1
- ;;
- esac
- fi
-}
-
-start() {
- checkconfig || return 1
- einfo "Loading ipsec policies from ${SETKEY_CONF}."
- /usr/sbin/setkey -f ${SETKEY_CONF}
- if [ $? -eq 1 ] ; then
- eerror "Error while loading ipsec policies"
- fi
- ebegin "Starting racoon"
- start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
- eend $?
-}
-
-stop() {
- ebegin "Stopping racoon"
- start-stop-daemon -K -p /var/run/racoon.pid
- eend $?
- if [ -n "${RACOON_RESET_TABLES}" ]; then
- ebegin "Flushing policy entries"
- /usr/sbin/setkey -F
- /usr/sbin/setkey -FP
- eend $?
- fi
-}
diff --git a/net-firewall/ipsec-tools/files/racoon.init.d-r1 b/net-firewall/ipsec-tools/files/racoon.init.d-r1
deleted file mode 100644
index 04b57522dbe7..000000000000
--- a/net-firewall/ipsec-tools/files/racoon.init.d-r1
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/sbin/runscript
-# Copyright 1999-2012 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-depend() {
- before netmount
- use net
-}
-
-checkconfig() {
- if [ ! -e ${SETKEY_CONF} ] ; then
- eerror "You need to configure setkey before starting racoon."
- return 1
- fi
- if [ ! -e ${RACOON_CONF} ] ; then
- eerror "You need a configuration file to start racoon."
- return 1
- fi
- if [ ! -z ${RACOON_PSK_FILE} ] ; then
- if [ ! -f ${RACOON_PSK_FILE} ] ; then
- eerror "PSK file not found as specified."
- eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
- return 1
- fi
- case "`ls -Lldn ${RACOON_PSK_FILE}`" in
- -r--------*)
- ;;
- *)
- eerror "Your defined PSK file should be mode 400 for security!"
- return 1
- ;;
- esac
- fi
-}
-
-command=/usr/sbin/racoon
-command_args="-f ${RACOON_CONF} ${RACOON_OPTS}"
-pidfile=/var/run/racoon.pid
-
-start_pre() {
- checkconfig || return 1
- einfo "Loading ipsec policies from ${SETKEY_CONF}."
- /usr/sbin/setkey -f ${SETKEY_CONF}
- if [ $? -eq 1 ] ; then
- eerror "Error while loading ipsec policies"
- fi
-}
-
-stop_post() {
- if [ -n "${RACOON_RESET_TABLES}" ]; then
- ebegin "Flushing policy entries"
- /usr/sbin/setkey -F
- /usr/sbin/setkey -FP
- eend $?
- fi
-}
diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild
deleted file mode 100644
index 4e6a8fed31fa..000000000000
--- a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild
+++ /dev/null
@@ -1,236 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r3.ebuild,v 1.11 2012/09/16 17:57:53 blueness Exp $ - -EAPI="4" - -inherit eutils flag-o-matic autotools linux-info pam - -DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" -HOMEPAGE="http://ipsec-tools.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="amd64 arm ~mips ppc ppc64 x86" -IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" - -RDEPEND=" - dev-libs/openssl - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap ) - pam? ( sys-libs/pam ) - readline? ( sys-libs/readline ) - selinux? ( - sys-libs/libselinux - sec-policy/selinux-ipsec - )" - -DEPEND="${RDEPEND} - >=sys-kernel/linux-headers-2.6.30" - -pkg_setup() { - linux-info_pkg_setup - - get_version - - if linux_config_exists && kernel_is -ge 2 6 19; then - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - ewarn "Checking kernel configuration in /usr/src/linux or" - ewarn "or /proc/config.gz for compatibility with ${PN}." - ewarn "Here are the potential problems:" - ewarn - - local nothing="1" - - # Check options for all flavors of IPSec - local msg="" - for i in XFRM_USER NET_KEY; do - if ! linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "ALL IPSec may fail. CHECK:" - ewarn "${msg}" - fi - - # Check unencrypted IPSec - if ! linux_chkconfig_present CRYPTO_NULL; then - nothing="0" - ewarn - ewarn "Unencrypted IPSec may fail. CHECK:" - ewarn " CRYPTO_NULL" - fi - - # Check IPv4 IPSec - msg="" - for i in \ - INET_IPCOMP INET_AH INET_ESP \ - INET_XFRM_MODE_TRANSPORT \ - INET_XFRM_MODE_TUNNEL \ - INET_XFRM_MODE_BEET - do - if ! 
linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "IPv4 IPSec may fail. CHECK:" - ewarn "${msg}" - fi - - # Check IPv6 IPSec - if use ipv6; then - msg="" - for i in INET6_IPCOMP INET6_AH INET6_ESP \ - INET6_XFRM_MODE_TRANSPORT \ - INET6_XFRM_MODE_TUNNEL \ - INET6_XFRM_MODE_BEET - do - if ! linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "IPv6 IPSec may fail. CHECK:" - ewarn "${msg}" - fi - fi - - # Check IPSec behind NAT - if use nat; then - if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then - nothing="0" - ewarn - ewarn "IPSec behind NAT may fail. CHECK:" - ewarn " NETFILTER_XT_MATCH_POLICY" - fi - fi - - if [[ $nothing == "1" ]]; then - ewarn "NO PROBLEMS FOUND" - fi - - ewarn - ewarn "WARNING: If your *configured* and *running* kernel" - ewarn "differ either now or in the future, then these checks" - ewarn "may lead to misleading results." - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - else - eerror - eerror "\033[1;31m**************************************************\033[00m" - eerror "Make sure that your *running* kernel is/will be >=2.6.19." - eerror "Building ${PN} now, assuming that you know what you're doing." 
- eerror "\033[1;31m**************************************************\033[00m" - eerror - fi -} - -src_prepare() { - # fix for bug #124813 - sed -i 's:-Werror::g' "${S}"/configure.ac || die - # fix for building with gcc-4.6 - sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die - - epatch "${FILESDIR}/${PN}-def-psk.patch" - epatch "${FILESDIR}/${PN}-include-vendoridh.patch" - - AT_M4DIR="${S}" eautoreconf - epunt_cxx -} - -src_configure() { - #--with-{iconv,libradius} lead to "Broken getaddrinfo()" - #--enable-samode-unspec is not supported in linux - local myconf - myconf="--with-kernel-headers=/usr/include \ - --enable-adminport \ - --enable-dependency-tracking \ - --enable-dpd \ - --enable-frag \ - --without-libiconv \ - --without-libradius \ - --disable-samode-unspec \ - $(use_enable idea) \ - $(use_enable ipv6) \ - $(use_enable kerberos gssapi) \ - $(use_with ldap libldap) \ - $(use_enable nat natt) \ - $(use_with pam libpam) \ - $(use_enable rc5) \ - $(use_with readline) \ - $(use_enable selinux security-context) \ - $(use_enable stats)" - - use nat && myconf="${myconf} --enable-natt-versions=yes" - - # enable mode-cfg and xauth support - if use pam; then - myconf="${myconf} --enable-hybrid" - else - myconf="${myconf} $(use_enable hybrid)" - fi - - econf ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - keepdir /var/lib/racoon - newconfd "${FILESDIR}"/racoon.conf.d racoon - newinitd "${FILESDIR}"/racoon.init.d racoon - use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon - - insinto /etc - doins "${FILESDIR}"/ipsec.conf - insinto /etc/racoon - doins "${FILESDIR}"/racoon.conf - doins "${FILESDIR}"/psk.txt - chmod 400 "${D}"/etc/racoon/psk.txt - - dodoc ChangeLog README NEWS - dodoc -r src/racoon/samples - dodoc -r src/racoon/doc - docinto samples - newdoc src/setkey/sample.cf ipsec.conf -} - -pkg_postinst() { - if use nat; then - elog - elog "You have enabled the nat traversal functionnality." 
- elog "Nat versions wich are enabled by default are 00,02,rfc" - elog "you can find those drafts in the CVS repository:" - elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" - elog - elog "If you feel brave enough and you know what you are" - elog "doing, you can consider emerging this ebuild with" - elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" - elog - fi - - if use ldap; then - elog - elog "You have enabled ldap support with {$PN}." - elog "The man page does NOT contain any information on it yet." - elog "Consider using a more recent version or CVS." - elog - fi - - elog - elog "Please have a look in /usr/share/doc/${P} and visit" - elog "http://www.netbsd.org/Documentation/network/ipsec/" - elog "to find more information on how to configure this tool." - elog -} diff --git a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild b/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild deleted file mode 100644 index 2633e35c8e41..000000000000 --- a/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild +++ /dev/null 
@@ -1,237 +0,0 @@ -# Copyright 1999-2012 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/ipsec-tools-0.8.0-r4.ebuild,v 1.2 2012/09/25 01:12:33 vapier Exp $ - -EAPI="4" - -inherit eutils flag-o-matic autotools linux-info pam - -DESCRIPTION="A port of KAME's IPsec utilities to the Linux-2.6 IPsec implementation" -HOMEPAGE="http://ipsec-tools.sourceforge.net/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="~amd64 ~arm ~mips ~ppc ~ppc64 ~x86" -IUSE="hybrid idea ipv6 kerberos ldap nat pam rc5 readline selinux stats" - -RDEPEND=" - dev-libs/openssl - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap ) - pam? ( sys-libs/pam ) - readline? ( sys-libs/readline ) - selinux? ( - sys-libs/libselinux - sec-policy/selinux-ipsec - )" - -DEPEND="${RDEPEND} - >=sys-kernel/linux-headers-2.6.30" - -pkg_setup() { - linux-info_pkg_setup - - get_version - - if linux_config_exists && kernel_is -ge 2 6 19; then - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - ewarn "Checking kernel configuration in /usr/src/linux or" - ewarn "or /proc/config.gz for compatibility with ${PN}." - ewarn "Here are the potential problems:" - ewarn - - local nothing="1" - - # Check options for all flavors of IPSec - local msg="" - for i in XFRM_USER NET_KEY; do - if ! linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "ALL IPSec may fail. CHECK:" - ewarn "${msg}" - fi - - # Check unencrypted IPSec - if ! linux_chkconfig_present CRYPTO_NULL; then - nothing="0" - ewarn - ewarn "Unencrypted IPSec may fail. CHECK:" - ewarn " CRYPTO_NULL" - fi - - # Check IPv4 IPSec - msg="" - for i in \ - INET_IPCOMP INET_AH INET_ESP \ - INET_XFRM_MODE_TRANSPORT \ - INET_XFRM_MODE_TUNNEL \ - INET_XFRM_MODE_BEET - do - if ! 
linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "IPv4 IPSec may fail. CHECK:" - ewarn "${msg}" - fi - - # Check IPv6 IPSec - if use ipv6; then - msg="" - for i in INET6_IPCOMP INET6_AH INET6_ESP \ - INET6_XFRM_MODE_TRANSPORT \ - INET6_XFRM_MODE_TUNNEL \ - INET6_XFRM_MODE_BEET - do - if ! linux_chkconfig_present ${i}; then - msg="${msg} ${i}" - fi - done - if [[ ! -z "$msg" ]]; then - nothing="0" - ewarn - ewarn "IPv6 IPSec may fail. CHECK:" - ewarn "${msg}" - fi - fi - - # Check IPSec behind NAT - if use nat; then - if ! linux_chkconfig_present NETFILTER_XT_MATCH_POLICY; then - nothing="0" - ewarn - ewarn "IPSec behind NAT may fail. CHECK:" - ewarn " NETFILTER_XT_MATCH_POLICY" - fi - fi - - if [[ $nothing == "1" ]]; then - ewarn "NO PROBLEMS FOUND" - fi - - ewarn - ewarn "WARNING: If your *configured* and *running* kernel" - ewarn "differ either now or in the future, then these checks" - ewarn "may lead to misleading results." - ewarn - ewarn "\033[1;33m**************************************************\033[00m" - ewarn - else - eerror - eerror "\033[1;31m**************************************************\033[00m" - eerror "Make sure that your *running* kernel is/will be >=2.6.19." - eerror "Building ${PN} now, assuming that you know what you're doing." 
- eerror "\033[1;31m**************************************************\033[00m" - eerror - fi -} - -src_prepare() { - # fix for bug #124813 - sed -i 's:-Werror::g' "${S}"/configure.ac || die - # fix for building with gcc-4.6 - sed -i 's: -R: -Wl,-R:' "${S}"/configure.ac || die - - epatch "${FILESDIR}/${PN}-def-psk.patch" - epatch "${FILESDIR}/${PN}-include-vendoridh.patch" - epatch "${FILESDIR}"/${P}-sysctl.patch #425770 - - AT_M4DIR="${S}" eautoreconf - epunt_cxx -} - -src_configure() { - #--with-{iconv,libradius} lead to "Broken getaddrinfo()" - #--enable-samode-unspec is not supported in linux - local myconf - myconf="--with-kernel-headers=/usr/include \ - --enable-adminport \ - --enable-dependency-tracking \ - --enable-dpd \ - --enable-frag \ - --without-libiconv \ - --without-libradius \ - --disable-samode-unspec \ - $(use_enable idea) \ - $(use_enable ipv6) \ - $(use_enable kerberos gssapi) \ - $(use_with ldap libldap) \ - $(use_enable nat natt) \ - $(use_with pam libpam) \ - $(use_enable rc5) \ - $(use_with readline) \ - $(use_enable selinux security-context) \ - $(use_enable stats)" - - use nat && myconf="${myconf} --enable-natt-versions=yes" - - # enable mode-cfg and xauth support - if use pam; then - myconf="${myconf} --enable-hybrid" - else - myconf="${myconf} $(use_enable hybrid)" - fi - - econf ${myconf} -} - -src_install() { - emake DESTDIR="${D}" install - keepdir /var/lib/racoon - newconfd "${FILESDIR}"/racoon.conf.d racoon - newinitd "${FILESDIR}"/racoon.init.d-r1 racoon - use pam && newpamd "${FILESDIR}"/racoon.pam.d racoon - - insinto /etc - doins "${FILESDIR}"/ipsec.conf - insinto /etc/racoon - doins "${FILESDIR}"/racoon.conf - doins "${FILESDIR}"/psk.txt - chmod 400 "${D}"/etc/racoon/psk.txt - - dodoc ChangeLog README NEWS - dodoc -r src/racoon/samples - dodoc -r src/racoon/doc - docinto samples - newdoc src/setkey/sample.cf ipsec.conf -} - -pkg_postinst() { - if use nat; then - elog - elog "You have enabled the nat traversal functionnality." 
- elog "Nat versions wich are enabled by default are 00,02,rfc" - elog "you can find those drafts in the CVS repository:" - elog "cvs -d anoncvs@anoncvs.netbsd.org:/cvsroot co ipsec-tools" - elog - elog "If you feel brave enough and you know what you are" - elog "doing, you can consider emerging this ebuild with" - elog "EXTRA_ECONF=\"--enable-natt-versions=08,07,06\"" - elog - fi - - if use ldap; then - elog - elog "You have enabled ldap support with {$PN}." - elog "The man page does NOT contain any information on it yet." - elog "Consider using a more recent version or CVS." - elog - fi - - elog - elog "Please have a look in /usr/share/doc/${P} and visit" - elog "http://www.netbsd.org/Documentation/network/ipsec/" - elog "to find more information on how to configure this tool." - elog -} |